Chapter 20 IPSec VPN
ZyWALL ATP Series User’s Guide
• A subnet or range remote policy
The following VPN Gateway rules configured on the Zyxel Device cannot be provisioned to the IPSec
VPN Client:
• IPv4 rules with IKEv2 version
• IPv4 rules with User-based PSK authentication
Note: You must enable IPv6 in System > IPv6 to activate IPv6 VPN tunneling rules.
In the Zyxel Device Quick Setup wizard, you can use the VPN Settings for Configuration Provisioning wizard to create a VPN rule that will not violate these restrictions.
Figure 277 Configuration > VPN > IPSec VPN > Configuration Provisioning
Each field is discussed in the following table.
Table 161 Configuration > VPN > IPSec VPN > Configuration Provisioning

| LABEL | DESCRIPTION |
| --- | --- |
| Enable Configuration Provisioning | Select this for users to be able to retrieve VPN rule settings using the Zyxel Device IPSec VPN client. |
| Client Authentication Method | Choose how users should be authenticated. They can be authenticated using the local database on the Zyxel Device or an external authentication database such as LDAP, Active Directory or RADIUS. default is a method you configured in Object > Auth Method. You may configure multiple methods there. If you choose the local database on the Zyxel Device, then configure users using the Object > User/Group screen. If you choose LDAP, Active Directory or RADIUS authentication servers, then configure users on the respective server. |
| Configuration | When you add or edit a configuration provisioning entry, you are allowed to set the VPN Connection and Allowed User fields. Duplicate entries are not allowed. You cannot select the same VPN Connection and Allowed User pair in a new entry if the same pair exists in a previous entry. You can bind different rules to the same user, but the Zyxel Device will only allow VPN rule setting retrieval for the first match found. |
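
The following Python sketch is an added example, not part of the Zyxel documentation or firmware. It checks a planned provisioning table against the two restrictions listed above, the duplicate-pair rule and the first-match behavior, so that entries a user can never retrieve are visible before they are entered. The `Connection` record, its field names, exact-name user matching in table order, and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Connection:
    """Hypothetical record: a VPN connection plus the properties of the
    VPN gateway rule it uses (field names are assumptions)."""
    name: str
    ip_version: int        # 4 or 6
    ike_version: int       # 1 or 2
    user_based_psk: bool

def audit(connections, entries):
    """entries: ordered (vpn_connection, allowed_user) pairs. Returns
    (findings, served); served maps a user to the connection retrieved."""
    by_name = {c.name: c for c in connections}
    seen, served, findings = set(), {}, []
    for i, (conn_name, user) in enumerate(entries):
        conn = by_name[conn_name]
        if (conn_name, user) in seen:
            findings.append((i, "duplicate pair"))
            continue
        seen.add((conn_name, user))
        # Only the two restrictions listed in this section are checked.
        if conn.ip_version == 4 and conn.ike_version == 2:
            findings.append((i, "IPv4 IKEv2 rule cannot be provisioned"))
        elif conn.ip_version == 4 and conn.user_based_psk:
            findings.append((i, "IPv4 user-based PSK rule cannot be provisioned"))
        elif user in served:
            # Assumption: first match = first entry in table order for this user.
            findings.append((i, f"shadowed by {served[user]}"))
        else:
            served[user] = conn_name
    return findings, served

# Constructed sample data, not taken from a real device.
CONNECTIONS = [
    Connection("HQ_v1", 4, 1, False),
    Connection("HQ_v2", 4, 2, False),
    Connection("Branch_v1", 4, 1, False),
    Connection("Lab_psk", 4, 1, True),
]
ENTRIES = [("HQ_v1", "alice"), ("HQ_v1", "alice"), ("Branch_v1", "alice"),
           ("HQ_v2", "bob"), ("Lab_psk", "bob"), ("Branch_v1", "bob")]

if __name__ == "__main__":
    findings, served = audit(CONNECTIONS, ENTRIES)
    for index, reason in findings:
        print(f"entry {index} {ENTRIES[index]}: {reason}")
    print("retrievable:", served)
```

A shadowed entry is worth reviewing because the user receives the settings of the earlier connection, which may grant access to a different network than the one intended.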